SDDC Manager shows vCenter certificate is expired in a workload domain.

Article ID: 390689


Updated On:

Products

VMware SDDC Manager

Issue/Introduction

In SDDC Manager -> Workload Domains -> Select a Domain -> Certificates, the vCenter certificate is shown as expired or about to expire.

Environment

VMware Cloud Foundation 4.x

VMware Cloud Foundation 5.x

Cause

The vCenter certificate shown in SDDC Manager is the vCenter Machine_SSL certificate. You can replace it on the vCenter Server.

Resolution

1. Confirm whether this Machine_SSL certificate was signed by VMCA.

- You can check this with vCert:

https://knowledge.broadcom.com/external/article/385107/vcert-scripted-vcenter-expired-certific.html

2. If yes, SSH to the vCenter Server.

3. Run the following command:
- /usr/lib/vmware-vmca/bin/certificate-manager

4. Select option 3, Replace Machine SSL certificate with VMCA Certificate.

5. Alternatively, use vCert to replace it:

https://knowledge.broadcom.com/external/article/385107/vcert-scripted-vcenter-expired-certific.html

6. After replacing it, log out of the SDDC Manager UI and log back in. The certificate is now shown as replaced.
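A read-only pre-check for step 1, added here as an example and not taken from this article or from vCert: it reads the Machine SSL certificate from VECS, reports its expiry state, and tests whether it was signed by the local VMCA root. The `vecs-cli` and `root.cer` paths, the store name and the alias are assumed vCenter Server Appliance defaults, and GNU `date` is assumed.

```bash
#!/bin/bash
# Added example, not from the KB article. Read-only pre-check for step 1.
# Assumed default vCenter Server Appliance paths (not stated in the article):
VECS_CLI=/usr/lib/vmware-vmafd/bin/vecs-cli
VMCA_ROOT=/var/lib/vmware/vmca/root.cer

# Seconds since epoch of a PEM certificate's notAfter date (needs GNU date).
cert_end_epoch() {
  date -u -d "$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)" +%s
}

# Succeeds if the certificate in $1 chains directly to the CA certificate in $2.
# Validation time is pinned to one second before the leaf's notAfter, so a leaf
# that has already expired is still matched to its issuer.
signed_by() {
  local at
  at=$(( $(cert_end_epoch "$1") - 1 ))
  openssl verify -attime "$at" -CAfile "$2" "$1" >/dev/null 2>&1
}

# Prints "expired", "expiring" (within $2 days, default 30) or "valid".
expiry_state() {
  local days=${2:-30}
  if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then echo expired
  elif ! openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null; then echo expiring
  else echo valid; fi
}

# Report on the live Machine SSL certificate held in VECS.
check_machine_ssl() {
  local pem; pem=$(mktemp) || return 1
  "$VECS_CLI" entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT >"$pem" || return 1
  openssl x509 -in "$pem" -noout -subject -issuer -enddate
  echo "state: $(expiry_state "$pem")"
  if signed_by "$pem" "$VMCA_ROOT"; then
    echo "issuer: signed by the local VMCA root, steps 2-4 apply"
  else
    echo "issuer: not signed by this VMCA root, steps 2-4 do not apply"
  fi
  rm -f "$pem"
}

# Only runs on a host that has vecs-cli, i.e. the vCenter Server itself.
if [ -x "$VECS_CLI" ]; then check_machine_ssl; fi
```

The script changes nothing on the appliance; it only reads the certificate and prints the result.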

 

For more information, see:
https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-5-2-and-earlier/5-1/vmware-cloud-foundation-operations-5-1/vcf-best-practices-operations/certificate-operations-operations/replace-vcenter-server-expired-certificates-operations.html